We take the security of your data seriously and build it in, rather than bolting it on.
Access and authentication
Sign-in is protected by passwords stored only as secure hashes, optional two-factor login, role-based access, and least privilege. A second secret is required for sensitive actions such as exporting or erasing data, so a stolen password alone cannot do harm.
Encryption and isolation
Data is encrypted in transit and at rest. Client data is isolated per account, and report downloads use signed links that expire.
Oversight and audit
Every meaningful action is recorded in a full activity log, so anything you did not do is visible immediately. Logs are scrubbed of secrets.
Honesty
No system can be called unbreachable, and we do not claim that. We make it genuinely secure, keep improving it, and tell you the truth about where it stands.